A month ago, the Nobel Committee awarded The Nobel Peace Prize to Mr. Liu Xiaobo. He was awarded for — to quote the prize committee — long and non-violent struggle for fundamental human rights in China.

A targeted attack was launched yesterday, the 7th of November. The attack used an e-mail that was spoofed to look like it originated from oslofreedomforum.com. It didn't.

The spoofed e-mail looked like this:

If the file invitation.pdf (md5: 29DB2FBA7975A16DBC4F3C9606432AB2) is opened, it uses an exploit to crash Adobe Reader and then drops a backdoor to the system. The backdoor calls home to phile.3322.org.

To mask all that, this file is shown to the user:

[Image removed after a request from affected parties. The original image contained a very convincing invitation to the Nobel Peace Prize ceremony]

We don't know who launched the attack, or who the target was.

We detect the PDF file as Exploit.PDF-TTF.Gen and the backdoor as Trojan.Generic.4974556.